
Omar Hemmali, CAP 6135. Presentation of "An Inside Look at Botnets" by Paul Barford and Vinod Yegneswaran, Computer Sciences Department, University of Wisconsin, Madison.




1 Omar Hemmali, CAP 6135. Paper by Paul Barford and Vinod Yegneswaran, Computer Sciences Department, University of Wisconsin, Madison

2  Introduction  Architecture & seven key mechanisms ◦ Architecture ◦ Control mechanisms ◦ Methods for propagation and attack  Contributions  Shortfalls

3  The evolution of malware is driven largely by improvements in defense mechanisms.  Worms and DoS attacks get most of the media coverage while a larger problem is overlooked.  Botnets are a more serious threat on the Internet today.  Botnets trace their roots to benign IRC bots written for channel management.

4  Botnets have increased in capability over the years.  Botnets have become quite extensive.  Focus has shifted from vandalism to for-profit malicious activity.

5  Comparison of 4 different Bot families. ◦ Agobot ◦ SDBot ◦ SpyBot ◦ GT Bot

6  Architecture  Botnet Control Mechanisms  Host Control Mechanisms  Propagation Mechanisms  Exploits and Attack Mechanisms  Malware Delivery Mechanisms  Obfuscation Mechanisms  Deception Mechanisms

7  Agobot  ~20K LoC of C/C++  Many high-level components  IRC-based C2 mechanism  Can launch different DoS attacks  Can harvest passwords  Fortifies the compromised system against attack  Actively attempts to prevent its own removal

8  SpyBot  ~3K LoC of C  Does not try to hide its malicious intent  Contains exploits for P2P and communication programs  Has IP scanning capabilities  Modules for DoS attacks

9  SDBot  Uses a lightweight version of the IRC protocol for C2  Bots rejoin their channel if they get kicked  They keep track of their master  Commands are sent as IRC PRIVMSG messages

10  GT Bot  Uses IRC as the control infrastructure  Very few commands are consistent across members of the family  Can invoke IP scanning
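Slides 9 and 10 describe the IRC-based control pattern shared by these families: commands arrive as PRIVMSG text, the bot rejoins its channel after a KICK, and it keeps track of which nick is its master. The following is an added example, not code from the presentation or from the paper, of how an analyst would reduce a captured IRC session to those C2 events. The log lines, nicks, addresses, the "." command prefix and the command names are all constructed for illustration; real families use their own syntax.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class IrcMessage:
    """One RFC 1459 line: [':' prefix ' '] command [params] [' :' trailing]."""
    prefix: Optional[str]
    command: str
    params: List[str]
    trailing: Optional[str]

    @property
    def nick(self) -> Optional[str]:
        """Nick part of a 'nick!user@host' prefix (or the whole prefix)."""
        return self.prefix.split("!", 1)[0] if self.prefix else None


def parse_irc_line(raw: str) -> IrcMessage:
    """Split a raw IRC line into prefix, command, middle params and trailing text."""
    line = raw.rstrip("\r\n")
    prefix = trailing = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    if " :" in line:
        line, _, trailing = line.partition(" :")
    parts = line.split()
    if not parts:
        raise ValueError(f"not an IRC message: {raw!r}")
    return IrcMessage(prefix, parts[0].upper(), parts[1:], trailing)


def extract_c2_events(lines, bot_nick, command_prefix="."):
    """Reduce an IRC capture to the events that matter for C2 analysis.

    Returns tuples ("kicked", channel, by_nick), ("join", channel, nick) and
    ("command", verb, args, from_nick).  The command prefix is an ASSUMPTION:
    many IRC bot families use a punctuation character, but check the sample.
    """
    events = []
    for raw in lines:
        msg = parse_irc_line(raw)
        if msg.command == "KICK" and len(msg.params) >= 2 and msg.params[1] == bot_nick:
            events.append(("kicked", msg.params[0], msg.nick))
        elif msg.command == "JOIN":
            # Servers echo joins either as 'JOIN #chan' or 'JOIN :#chan'.
            channel = msg.params[0] if msg.params else msg.trailing
            events.append(("join", channel, msg.nick))
        elif msg.command == "PRIVMSG" and msg.trailing and msg.trailing.startswith(command_prefix):
            verb, _, args = msg.trailing[len(command_prefix):].partition(" ")
            events.append(("command", verb, args, msg.nick))
    return events


def rejoined_channels(events, bot_nick):
    """Channels the bot re-entered after being kicked (the rejoin behaviour on slide 9)."""
    pending, rejoined = set(), []
    for ev in events:
        if ev[0] == "kicked":
            pending.add(ev[1])
        elif ev[0] == "join" and ev[2] == bot_nick and ev[1] in pending:
            pending.discard(ev[1])
            rejoined.append(ev[1])
    return rejoined


# Constructed sample capture (RFC 5737 documentation addresses, invented nicks/commands).
SAMPLE_LOG = [
    ":irc.example.net 001 zombie42 :Welcome",
    ":zombie42!bot@10.0.0.5 JOIN :#ctrl",
    ":master!m@198.51.100.7 PRIVMSG #ctrl :.login s3cret",
    ":master!m@198.51.100.7 PRIVMSG #ctrl :.scan 10.0.0.0/8 445",
    ":someone!x@203.0.113.9 PRIVMSG #ctrl :hello everyone",
    ":oper!o@198.51.100.1 KICK #ctrl zombie42 :bye",
    ":zombie42!bot@10.0.0.5 JOIN :#ctrl",
    "PING :irc.example.net",
]

if __name__ == "__main__":
    evs = extract_c2_events(SAMPLE_LOG, "zombie42")
    for ev in evs:
        print(ev)
    print("rejoined after kick:", rejoined_channels(evs, "zombie42"))
```

Only PRIVMSG lines that carry the assumed command prefix are reported, so ordinary chatter in the channel is dropped; a real triage would also record which nick issued the first successful login, since that is the master the bot tracks.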

11  Host control mechanisms: their purpose is to fortify the compromised host against removal of the bot  Agobot  Can return CD keys, registry information and e-mail addresses to the bot master  Can kill specific processes that may try to clean the infected host.

12  SDBot  Controls are somewhat limited  Can remotely download files  Can create and terminate processes  Can send CD keys for popular games to the bot master

13  Propagation mechanisms: SpyBot and GT Bot  Have simple horizontal and vertical scanners  Just run through IPs in order.

14  Agobot  Very elaborate propagation  Scans for back doors left by other worms  Probes for weak passwords on exposed SQL servers  Has seven DDoS attack commands
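Slides 13 and 14 describe the propagation scanners: a horizontal scan walks many hosts on one port, a vertical scan walks many ports on one host, and the simpler bots step through addresses in order. As an added example (not from the presentation or the paper), the detector below applies those two definitions to flow records and additionally reports whether the targets of a horizontal scan were contiguous addresses, which is the observable trace of "run through IPs in order". The flow records and the threshold of eight targets are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def is_sequential(addrs) -> bool:
    """True when the addresses form one contiguous run, regardless of the order seen."""
    nums = sorted(int(ipaddress.ip_address(a)) for a in addrs)
    return len(nums) > 1 and all(b - a == 1 for a, b in zip(nums, nums[1:]))


def detect_scans(flows, min_targets=8):
    """Flag horizontal and vertical scanners in (src, dst, dport) flow records.

    horizontal: one source, one destination port, >= min_targets distinct destinations
    vertical:   one source, one destination, >= min_targets distinct ports
    The threshold is an assumption; tune it to the network's normal fan-out.
    """
    dsts_by_src_port = defaultdict(set)   # (src, dport) -> {dst, ...}
    ports_by_src_dst = defaultdict(set)   # (src, dst)   -> {dport, ...}
    for src, dst, dport in flows:
        dsts_by_src_port[(src, dport)].add(dst)
        ports_by_src_dst[(src, dst)].add(dport)

    findings = []
    for (src, dport), dsts in dsts_by_src_port.items():
        if len(dsts) >= min_targets:
            findings.append({
                "type": "horizontal", "src": src, "port": dport,
                "targets": len(dsts), "sequential": is_sequential(dsts),
            })
    for (src, dst), ports in ports_by_src_dst.items():
        if len(ports) >= min_targets:
            findings.append({"type": "vertical", "src": src, "dst": dst, "ports": len(ports)})
    return findings


# Constructed flow records (as exported from NetFlow or a Zeek conn.log), RFC 5737 ranges.
SAMPLE_FLOWS = (
    # 10.0.0.5 sweeps 192.0.2.1-12 on 445 in order: horizontal, contiguous
    [("10.0.0.5", f"192.0.2.{i}", 445) for i in range(1, 13)]
    # 10.0.0.9 walks ten ports on a single host: vertical
    + [("10.0.0.9", "192.0.2.50", p) for p in (21, 22, 23, 25, 80, 135, 139, 445, 1433, 3306)]
    # 10.0.0.77 hits eight scattered hosts on 139: horizontal, not contiguous
    + [("10.0.0.77", f"192.0.2.{i}", 139) for i in (3, 17, 42, 61, 88, 120, 200, 250)]
    # ordinary client traffic that must not be flagged
    + [("10.0.0.20", "192.0.2.10", 80), ("10.0.0.20", "192.0.2.10", 443), ("10.0.0.21", "192.0.2.11", 80)]
)

if __name__ == "__main__":
    for f in detect_scans(SAMPLE_FLOWS):
        print(f)
```

The contiguity flag is what separates the simple in-order scanners on slide 13 from scanners that pick targets randomly; both still trip the fan-out thresholds.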

15  Exploits and attack mechanisms: GT Bot  Makes use of DCOM exploits  Has DDoS capabilities in the form of UDP and TCP floods.

16  Malware delivery mechanisms: GT Bot  Delivers the exploit and payload in a single script  Agobot  First exploits an existing vulnerability  Then opens a shell on the remote host that is used to transfer the bot binary

17  Obfuscation mechanisms: Agobot is the only one of the four with any obfuscation mechanisms.  It uses four different polymorphic schemes

18  Deception mechanisms: again Agobot is the only one with any elaborate mechanism  Tests for debuggers  Tests for VMware  Kills anti-virus processes  Alters local name resolution (the hosts file) so that anti-virus update sites resolve to localhost
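The last deception technique on slide 18, pointing anti-virus update hosts at localhost, leaves a durable artefact on disk that an incident responder can check without any vendor tooling. The following is an added example, not code from the presentation or the paper: it parses a hosts file and reports every non-loopback name that has been mapped to a loopback or unspecified address, optionally restricted to a watch-list of vendor domains. The sample hosts content and the vendor domain names are constructed for illustration.

```python
import ipaddress

# Names that legitimately map to loopback and must not be reported.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every mapping in a hosts file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # malformed line, not a mapping
        for name in parts[1:]:                    # one address may carry several names
            entries.append((lineno, addr, name.lower().rstrip(".")))
    return entries


def find_blackholed(text, watchlist=None):
    """Report hostnames sinkholed to 127.0.0.0/8, ::1 or 0.0.0.0.

    watchlist: optional iterable of domains (e.g. vendor update domains); when
    given, only names equal to or under one of them are reported.
    """
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if name in LOOPBACK_NAMES:
            continue
        sinkholed = addr.is_loopback or addr.is_unspecified
        watched = watchlist is None or any(
            name == w or name.endswith("." + w) for w in watchlist)
        if sinkholed and watched:
            findings.append({"line": lineno, "name": name, "addr": str(addr)})
    return findings


# Constructed sample: two lines have been added by something that wants AV updates to fail.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
10.0.0.10       fileserver.corp.example     # legitimate internal entry
127.0.0.1       update.av-vendor.example liveupdate.av-vendor.example
0.0.0.0         downloads.another-av.example
"""

if __name__ == "__main__":
    for hit in find_blackholed(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['name']} -> {hit['addr']}")
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts, on Unix-like systems /etc/hosts; running the check with no watch-list is the more useful default during triage, since any unexplained sinkholed name is worth a question.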

19  Contributions  Compiled a lot of information about the different families of bots.  Demonstrated that compromised machines not only act as zombies for the master but also expose their users to identity theft.

20  Shortfalls  While the paper covers many different effects of botnets, it does not give ways to alleviate them.

